What is CVE-2018-15686?

CVE-2018-15686 is a high-severity vulnerability in Systemd. CVSS score: 7.0/10. Published 2018-10-26.

How severe is CVE-2018-15686?

High severity. CVSS v3 base score is 7.0 out of 10.

Is CVE-2018-15686 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Systemd

CVE-2018-15686

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escala…

EPSS: 0.015 (81.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Systemd — versions unspecified

Public proof-of-concept exploits

References

GLSA-201810-10 (vendor-advisory, x_refsource_GENTOO)
[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update (mailing-list, x_refsource_MLIST)
105747 (vdb-entry, x_refsource_BID)
45714 (exploit, x_refsource_EXPLOIT-DB)
USN-3816-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2019:2091 (x_refsource_REDHAT, vendor-advisory)
RHSA-2019:3222 (x_refsource_REDHAT, vendor-advisory)
RHSA-2020:0593 (x_refsource_REDHAT, vendor-advisory)
[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image (mailing-list, x_refsource_MLIST)
www.oracle.com//security-alerts/cpujul2021.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-15686?: CVE-2018-15686 is a high-severity vulnerability in Systemd. CVSS score: 7.0/10. Published 2018-10-26.
How severe is CVE-2018-15686?: High severity. CVSS v3 base score is 7.0 out of 10.
Is CVE-2018-15686 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.